[Webkit-unassigned] [Bug 26391] New: cookieAcceptPolicy not fully respected
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sun Jun 14 15:18:59 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26391
Summary: cookieAcceptPolicy not fully respected
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh
URL: http://www.time.com/time/world/article/0,8599,1904577,00
.html
OS/Version: Mac OS X 10.5
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: opendarwin at lapcatsoftware.com
Summary:
On my system, I have the HTTPCookieStorage cookieAcceptPolicy set to
NSHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain (corresponding to the Safari
preference "Only from sites I visit"). However, when I load the page
http://www.time.com/time/world/article/0,8599,1904577,00.html with WebKit, I
get a cookie from ".clearspring.com", which is obviously not within the domain
of "time.com".
Steps to reproduce:
1) Launch Safari 4 on Mac OS X 10.5.7.
2) Open Safari preferences
3) Select Accept cookies: Only from sites I visit
4) Click "Show Cookies"
5) Click "Remove All" and "Done"
6) Load the page http://www.time.com/time/world/article/0,8599,1904577,00.html
7) Open preferences again
8) Click "Show Cookies" again
Expected results:
I only see cookies from "time.com"
Actual results:
In addition to cookies from "time.com", I see one cookies from
".clearspring.com"
Regression:
This bug also occurred with the immediately preceding version of Safari on Mac
OS X 10.5.7. Can't remember the exact version #, but it was 3.2.x. The bug also
occurs if you use "/Developer/Examples/WebKit/MiniBrowser" to load the page
rather than Safari.
Notes:
Running in the debugger, I set breakpoints at -[NSHTTPCookieStorage
setCookie:], -[NSHTTPCookieStorage setCookieAcceptPolicy:], and
-[NSHTTPCookieStorage setCookies:forURL:mainDocumentURL:], as well as at
setCookies() in "WebKit/WebCore/platform/mac/CookieJar.mm" with git commit
f8f4e69a4ceb5909eb64ea91fe1de7108710c552 (corresponding to svn r43960). The
methods setCookie: and setCookieAcceptPolicy: never get called. The method
setCookies:forURL:mainDocumentURL: does get called frequently, also from
setCookies() in WebKit, but when printing the cookies I never see
".clearspring.com". Thus, it's a mystery to me where that cookie is getting
set. I guess it must be set somehow without NSHTTPCookieStorage, which may
explain why it's not respecting the cookieAcceptPolicy.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the webkit-unassigned
mailing list